PT-2025-22221 · Linux · Linux Kernel

Published 2025-05-09 · Updated 2026-04-20 · CVE-2025-37960

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 6.12

Description

A vulnerability in the Linux kernel has been resolved. The issue occurs in the memblock_double_array() function when increasing the array size and the slab is not yet available. A call to memblock_find_in_range() is used to reserve/allocate memory, but the range returned may not have been accepted, resulting in a crash when booting an SNP guest. The vulnerability can be mitigated by calling accept_memory() on the memory range returned before the slab is available.

Recommendations

For Linux kernel versions prior to 6.12, apply the patch that calls accept_memory() on the memory range returned before the slab is available, adjusting the accept_memory() call to specify 'start + size' for 'end' when applying to kernels prior to v6.12.

Weakness Enumeration

Allocation of Resources Without Limits

Related Identifiers

BDU:2025-12291
CVE-2025-37960
OESA-2025-2120
OESA-2025-2121
OESA-2025-2122
SUSE-SU-2025:01919-1
SUSE-SU-2025:01951-1
SUSE-SU-2025:01964-1
SUSE-SU-2025:01965-1
SUSE-SU-2025:01967-1
SUSE-SU-2025:01972-1
SUSE-SU-2025:02000-1
SUSE-SU-2025:20408-1
SUSE-SU-2025:20413-1
SUSE-SU-2025:20419-1
SUSE-SU-2025:20421-1
SUSE-SU-2025_01951-1
SUSE-SU-2025_01964-1
SUSE-SU-2025_01965-1
SUSE-SU-2025_01967-1
SUSE-SU-2025_01972-1
SUSE-SU-2025_02000-1
USN-7699-1
USN-7699-2
USN-7721-1
USN-8028-1
USN-8028-2
USN-8028-3
USN-8028-4
USN-8028-5
USN-8028-6
USN-8028-7
USN-8028-8
USN-8031-1
USN-8031-2
USN-8031-3
USN-8052-1
USN-8052-2
USN-8074-1
USN-8074-2
USN-8126-1

Affected Products

Astra Linux
Linux Mint
Linux Kernel
RED OS
SUSE
Ubuntu